2121
2222mkdir -p " ${output} "
2323
24- # Build the UKI using bootc container ukify
25- # This computes the composefs digest, reads kargs from kargs.d, and invokes ukify
26- #
24+ # Baseline ukify options
25+ ukifyargs=(--measure
26+ --json pretty
27+ --output " ${output} /${kver} .efi" )
28+
29+ # Signing options, we use sbsign by default
30+ ukifyargs+=(--signtool sbsign
31+ --secureboot-private-key " ${secrets} /secureboot_key"
32+ --secureboot-certificate " ${secrets} /secureboot_cert" )
33+
34+ # Baseline container ukify options
35+ containerukifyargs=(--rootfs " ${target} " )
36+
2737# WORKAROUND: SELinux must be permissive for sealed UKI boot
2838# See https://github.com/bootc-dev/bootc/issues/1826
29- bootc container ukify --rootfs " ${target} " \
30- --karg enforcing=0 \
31- -- \
32- --signtool sbsign \
33- --secureboot-private-key " ${secrets} /secureboot_key" \
34- --secureboot-certificate " ${secrets} /secureboot_cert" \
35- --measure \
36- --json pretty \
37- --output " ${output} /${kver} .efi"
39+ containerukifyargs+=(--karg enforcing=0)
40+
41+ # Build the UKI using bootc container ukify
42+ # This computes the composefs digest, reads kargs from kargs.d, and invokes ukify
43+ bootc container ukify " ${containerukifyargs[@]} " -- " ${ukifyargs[@]} "
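Review bot: The `containerukifyargs+=(--karg enforcing=0)` line still applies the SELinux-permissive workaround to every build, and the comment above it does not say where that karg ends up. As far as I can tell it is embedded in the command line of the UKI that is then signed with `secureboot_key`, so every signed image boots permissive until it is rebuilt. Now that the options are collected in arrays the workaround is isolated on one line, and I would extend its comment with something like `# TODO: drop once bootc-dev/bootc#1826 is fixed; this karg is baked into the signed UKI cmdline`. Whether `secrets`, `output`, `kver` and `target` are checked for being set and readable cannot be seen here, because the script starts above this hunk.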